Session 7: Assuring Cyber-Security in the Western Balkans and the Rest of Europe: Roles and Responsibilities of Institutions, Industry and Users?

Session 7: Assuring Cyber-Security in the Western Balkans and the Rest of Europe: Roles and Responsibilities of Institutions, Industry and Users?

(in cooperation with DCAF)

Almost every day we hear about new challenges to cyber-security which mean that nowadays even experts find it difficult to keep up to date with the latest developments, not to mention governments, service providers or the ordinary user. In addition, faced with such challenges we need to ask ourselves not only what we need to do to ensure cyber-security but also who needs to act. Who is responsible for preventing (assessing risks, building network resilience, securing critical infrastructure and end-user services, preparing emergency responses, and raising awareness of risks and prevention) and fighting (investigating, reporting, prosecuting, cooperating internationally) cyber-threats?

In order to take action, we also have to discuss the appropriate mechanisms for ensuring cyber-security. Can we merely rely on laws and law enforcement agencies, or do we need more flexible and creative methods, mechanisms that also bring together all the stakeholders involved (governments, the private sector and users)? And who decides on the rules which we apply in defining threats to cyber-security, and the best ways of preventing and fighting them? Finally, it also seems clear that it is impossible to solve this issue by acting only within the borders of the nation state. International cooperation is essential.

To address some of those issues the following questions will be discussed during the session:

1. Mapping threats (general, but also those relevant for the Western Balkan region)

2.1 Are the different actors – government, regulators, industry and civil society – aware of the risks and their roles and responsibilities?

2.2 Is enough being done to make the different actors aware of their responsibilities and capable of performing their roles? (E.g. do legal frameworks exist which define the responsibilities of actors such as the private sector? Do institutions and actors have sufficient knowledge capacities to play their roles? Is awareness raised amongst end users about the risks and their responsibilities?)

3.1 What are good examples of platforms or institutions for bringing together government and the private sector? How could this be replicated in other countries? What are the challenges for this cooperation?

3.2 How can the involvement of end users in raising trust and securing cyberspace be ensured? Are we doing enough to involve users? What input should they have, especially at the policy formulation level?

3.3 What concrete steps do national governments need to take to start dialogue and set in place mechanisms for national and regional cyber-security and cooperation against cyber-crime?

3.4 Do EU models or strategies provide useful guidance for setting up national cyber-security strategies and/or legal frameworks? What are other useful global frameworks to follow?

Speakers:

Baroness Pauline Neville-Jones‚ Government Special Representative to Business on Cyber Security, Cyber Security Challenge

Alexander Klimburg‚ Senior Adviser, The Austrian Institute for International Affairs